X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fserver%2Fsfa-server.py;h=156219303e38e6af72f3773e9fedcdbf9e10e014;hb=3c9b4d0e434d536c471d225e01723a61af544cb1;hp=06393ce4b6842ed90e91b2f8394fe002b1e0a1f8;hpb=952322d76247f8991f3c2688ed7e1f5a22ca4572;p=sfa.git diff --git a/sfa/server/sfa-server.py b/sfa/server/sfa-server.py index 06393ce4..15621930 100755 --- a/sfa/server/sfa-server.py +++ b/sfa/server/sfa-server.py @@ -1,8 +1,5 @@ #!/usr/bin/python # -### $Id$ -### $URL$ -# # SFA PLC Wrapper # # This wrapper implements the SFA Registry and Slice Interfaces on PLC. @@ -30,19 +27,22 @@ ## # TCP ports for the three servers -registry_port=12345 -aggregate_port=12346 -slicemgr_port=12347 +#registry_port=12345 +#aggregate_port=12346 +#slicemgr_port=12347 +### xxx todo not in the config yet component_port=12346 -geni_am_port=12348 import os, os.path +import traceback import sys from optparse import OptionParser + +from sfa.util.sfalogging import sfa_logger from sfa.trust.trustedroot import TrustedRootList from sfa.trust.certificate import Keypair, Certificate from sfa.trust.hierarchy import Hierarchy +from sfa.trust.gid import GID from sfa.util.config import Config -from sfa.util.report import trace from sfa.plc.api import SfaAPI from sfa.server.registry import Registries from sfa.server.aggregate import Aggregates @@ -57,13 +57,13 @@ def daemon(): devnull = os.open(os.devnull, os.O_RDWR) os.dup2(devnull, 0) # xxx fixme - this is just to make sure that nothing gets stupidly lost - should use devnull - crashlog = os.open('/var/log/sfa.daemon', os.O_RDWR | os.O_APPEND | os.O_CREAT, 0644) + crashlog = os.open('/var/log/httpd/sfa_access_log', os.O_RDWR | os.O_APPEND | os.O_CREAT, 0644) os.dup2(crashlog, 1) os.dup2(crashlog, 2) def init_server_key(server_key_file, server_cert_file, config, hierarchy): - subject = config.SFA_INTERFACE_HRN + hrn = config.SFA_INTERFACE_HRN.lower() # check if the server's private key exists. If it doesnt, # get the right one from the authorities directory. If it cant be # found in the authorities directory, generate a random one @@ -83,15 +83,11 @@ def init_server_key(server_key_file, server_cert_file, config, hierarchy): if not os.path.exists(key_file): # if it doesnt exist then this is probably a fresh interface # with no records. Generate a random keypair for now - trace("server's public key not found in %s" % key_file) - trace("generating a random server key pair") + sfa_logger().debug("server's public key not found in %s" % key_file) + sfa_logger().debug("generating a random server key pair") key = Keypair(create=True) key.save_to_file(server_key_file) - cert = Certificate(subject=subject) - cert.set_issuer(key=key, subject=subject) - cert.set_pubkey(key) - cert.sign() - cert.save_to_file(server_cert_file, save_parents=True) + init_server_cert(hrn, key, server_cert_file, self_signed=True) else: # the pkey was found in the authorites directory. lets @@ -99,21 +95,42 @@ def init_server_key(server_key_file, server_cert_file, config, hierarchy): # the cert key = Keypair(filename=key_file) key.save_to_file(server_key_file) - cert = Certificate(subject=subject) - cert.set_issuer(key=key, subject=subject) - cert.set_pubkey(key) - cert.sign() - cert.save_to_file(server_cert_file, save_parents=True) - + init_server_cert(hrn, key, server_cert_file) # If private key exists and cert doesnt, recreate cert if (os.path.exists(server_key_file)) and (not os.path.exists(server_cert_file)): key = Keypair(filename=server_key_file) - cert = Certificate(subject=subject) - cert.set_issuer(key=key, subject=subject) - cert.set_pubkey(key) - cert.sign() - cert.save_to_file(server_cert_file) + init_server_cert(hrn, key, server_cert_file) + + +def init_server_cert(hrn, key, server_cert_file, self_signed=False): + """ + Setup the certificate for this server. Attempt to use gid before + creating a self signed cert + """ + if self_signed: + init_self_signed_cert(hrn, key, server_cert_file) + else: + try: + # look for gid file + sfa_logger().debug("generating server cert from gid: %s"% hrn) + hierarchy = Hierarchy() + auth_info = hierarchy.get_auth_info(hrn) + gid = GID(filename=auth_info.gid_filename) + gid.save_to_file(filename=server_cert_file) + except: + # fall back to self signed cert + sfa_logger().debug("gid for %s not found" % hrn) + init_self_signed_cert(hrn, key, server_cert_file) + +def init_self_signed_cert(hrn, key, server_cert_file): + sfa_logger().debug("generating self signed cert") + # generate self signed certificate + cert = Certificate(subject=hrn) + cert.set_issuer(key=key, subject=hrn) + cert.set_pubkey(key) + cert.sign() + cert.save_to_file(server_cert_file) def init_server(options, config): """ @@ -148,14 +165,6 @@ def init_server(options, config): except: manager = None if manager and hasattr(manager, 'init_server'): manager.init_server() - if options.gam: - mgr_type = config.SFA_GENI_AGGREGATE_TYPE - manager_module = manager_base + ".geni_am_%s" % mgr_type - try: manager = __import__(manager_module, fromlist=[manager_base]) - except: manager = None - if manager and hasattr(manager, 'init_server'): - manager.init_server() - def sync_interfaces(server_key_file, server_cert_file): """ @@ -169,13 +178,6 @@ def sync_interfaces(server_key_file, server_cert_file): aggregates.sync_interfaces() def main(): - # xxx get rid of globals - name consistently CamelCase or under_score - global AuthHierarchy - global TrustedRoots - global registry_port - global aggregate_port - global slicemgr_port - # Generate command line parser parser = OptionParser(usage="sfa-server [options]") parser.add_option("-r", "--registry", dest="registry", action="store_true", @@ -186,16 +188,15 @@ def main(): help="run aggregate manager", default=False) parser.add_option("-c", "--component", dest="cm", action="store_true", help="run component server", default=False) - parser.add_option("-g", "--geniam", dest="gam", action="store_true", - help="run GENI aggregate manager", default=False) - parser.add_option("-v", "--verbose", dest="verbose", action="store_true", - help="verbose mode", default=False) + parser.add_option("-v", "--verbose", action="count", dest="verbose", default=0, + help="verbose mode - cumulative") parser.add_option("-d", "--daemon", dest="daemon", action="store_true", help="Run as daemon.", default=False) (options, args) = parser.parse_args() - + sfa_logger().setLevelFromOptVerbose(options.verbose) config = Config() + if config.SFA_API_DEBUG: sfa_logger().setLevelDebug() hierarchy = Hierarchy() server_key_file = os.path.join(hierarchy.basedir, "server.key") server_cert_file = os.path.join(hierarchy.basedir, "server.cert") @@ -208,31 +209,29 @@ def main(): # start registry server if (options.registry): from sfa.server.registry import Registry - r = Registry("", registry_port, server_key_file, server_cert_file) + r = Registry("", config.SFA_REGISTRY_PORT, server_key_file, server_cert_file) r.start() # start aggregate manager if (options.am): from sfa.server.aggregate import Aggregate - a = Aggregate("", aggregate_port, server_key_file, server_cert_file) + a = Aggregate("", config.SFA_AGGREGATE_PORT, server_key_file, server_cert_file) a.start() # start slice manager if (options.sm): from sfa.server.slicemgr import SliceMgr - s = SliceMgr("", slicemgr_port, server_key_file, server_cert_file) + s = SliceMgr("", config.SFA_SM_PORT, server_key_file, server_cert_file) s.start() if (options.cm): from sfa.server.component import Component - c = Component("", component_port, server_key_file, server_cert_file) + c = Component("", config.component_port, server_key_file, server_cert_file) +# c = Component("", config.SFA_COMPONENT_PORT, server_key_file, server_cert_file) c.start() - # start GENI aggregate manager - if (options.gam): - from sfa.server.geni_aggregate import GENIAggregate - g = GENIAggregate("", geni_am_port, server_key_file, server_cert_file) - g.start() - if __name__ == "__main__": - main() + try: + main() + except: + sfa_logger().log_exc_critical("SFA server is exiting")